CVE-2019-7004 MEDIUM

CVE-2019-7004: Avaya IP Office XSS Vulnerability

Vendor Avaya
Product IP Office Application Server
Weakness CWE-79 · XSS
Published December 11, 2019
Last update September 17, 2024
View on NVD All CVEs

CVSS base score

6.4/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product versions 11.x are affected. Product versions prior to 11.0, including unsupported versions, were not evaluated.

Key dates

02Disclosure timeline

December 11, 2019 CVE published
September 17, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2021-24995 HTML5 Responsive FAQ <= 2.8.5 - Admin+ Stored Cross-Site Scripting CVE-2026-34605 SiYuan: Reflected XSS via SVG namespace prefix bypass in SanitizeSVG ( getDynamicIcon, unauthenticated ) CVE-2024-43151 WordPress Ultimate Addons for Beaver Builder – Lite plugin <= 1.5.9 - Cross Site Scripting (XSS) vulnerability CVE-2022-50948 Motopress Hotel Booking Lite 4.2.4 Stored Cross-Site Scripting CVE-2024-52825 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)